CVE-2026-57239

Severity CVSS v4.0:
Pending analysis
Type:
CWE-427 Uncontrolled Search Path Element
Publication date:
08/07/2026
Last modified:
09/07/2026

Description

The user-controllable executable files will be directly executed by high-privilege processes, allowing low-privilege users to have the opportunity to elevate their privileges to NT AUTHORITY\SYSTEM.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:* 13.2.4.24048 (including)
cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:* 14.0.0.33046 (including) 14.0.4.33508 (including)
cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:* 2023.1.0.15510 (including) 2023.3.0.23028 (including)
cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:* 2024.1.0.23997 (including) 2024.4.1.27687 (including)
cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:* 2025.1.0.27937 (including) 2025.3.0.35737 (including)
cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:* 2026.1.0.36452 (including) 2026.1.1.36485 (including)
cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:* 2026.1.1.36485 (including)
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools